Export (0) Print
Expand All
3 out of 4 rated this helpful - Rate this topic

The Windows Mobile Security Architecture

6/2/2010

The Windows Mobile security architecture helps protect corporate data and communications while utilizing the enterprise's existing infrastructure investment. This architecture is designed to put organizations in control of their own security and data. Unlike some solutions, corporate data is not required to go through a third-party network operations center, which has associated risks of downtime and information compromise. In addition, Windows Mobile powered devices can communicate with enterprise communication services using industry-standard protocols that run on virtually all mobile operator networks, eliminating geographical restrictions on service availability.

The following figure shows a high-level view of the Windows Mobile security architecture, including Windows Mobile powered devices, Exchange Server, and existing corporate network components.

Cc182290.d14b893c-4891-4b1a-912d-5627fbf65c35(en-us,TechNet.10).gif

The Windows Mobile security architecture offers the following features to help protect devices and the enterprise network against a variety of threats and risks:

Threat or Risk Windows Mobile Security Features WM 5.0 WM 5.0 with MSFP WM 6

Access to data because of device theft or loss

Strong device password protection

X

X

X

Device lock requires a password or PIN to access the device when it is turned on

X

X

X

Local device wipe occurs after a specified number of incorrect login attempts

X

X

Remote device wipe erases data and helps to prevent unauthorized use

X

X

Exponential back-off if incorrect passwords are entered

X

X

X

Local storage card wipe erases data and helps to prevent unauthorized use

X

Remote storage card wipe erases data and helps to prevent unauthorized use

X

Storage card encryption helps to prevent unauthorized use

X

Custom Local Authentication Subsystem (LAS) and Local Authentication Plug-in (LAP) provide the infrastructure for authentication by sophisticated third-party hardware and software methods.

X

X

X

Password policy enforcement, such as required password for synchronization

X

X

Access to data during transmission

Secure Sockets Layer (SSL) encryption of all data transmitted between the device and the corporate mail server

X

X

X

Advanced Encryption Standard for SSL channel encryption in 128- and 256-bit cipher strengths.

X

Encrypted data passes through a single SSL port on the firewall

X

X

X

Supports Information Rights Management protection of e-mail.

X

Cryptographic implementations are certified by US Federal Information Processing Standard (FIPS) 140-2, and are designed to be protected against a variety of potential threats. Supported algorithms include:

  • Advanced Encryption Standard (AES)
  • DES and 3DES,
  • Secure Hash Algorithm (SHA-1),
  • RSA public-key encryption and decryption.

X

X

X

Unauthorized penetration into corporate network

Flexible client authentication: SSL TLS, Exchange ActiveSync, Certificate-based, RSA SecurID-protected

X

X

X

Users can add root certificates without being a manager of the device; user root certificates will not compromise the level of security established by the device management security settings.

X

Unauthorized penetration into mobile device

Security policies help to control over-the-air access to device

X

X

X

Bluetooth discovery mode can be prohibited to help guard device integrity (Supported by Windows Mobile 6 Standard only)

X

Device corruption

Security policies help control acceptance of unsigned attachments, applications, or files

  • Two-tier access for code execution control — executable runs if it is signed; permissions indicate access. (Supported by Windows Mobile-based Smartphone and Windows Mobile 6 Standard only)
  • One-tier access for code execution control — executable runs if it is signed.

X

X

X

Attachments for download can be denied or size-restricted

X

Malicious software or viruses on mobile devices

Office Mobile does not support macros, so viruses cannot leverage them to do damage

X

X

X

Code execution control allows the device to be locked so that only applications signed with a trusted certificate can run

X

X

X

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.